Thursday, 4 October 2012

Session Fixation

In a session fixation attack the attacker explicitly sets the session identifier of a user's session. In PHP this is typically done by giving the user a URL of the form http://www.mysite.com/index.php?session_name=session_id, where session_name is the name of the session cookie and session_id is a value the attacker already knows. Once the user follows the URL and the application accepts that identifier, the rest of the attack is the same as a session hijacking attack.
The default session_name is PHPSESSID.
A session_id is a unique string whose valid characters are a-z, A-Z, 0-9, , (comma) and - (minus).

The most crucial piece of information for an attacker is the session identifier, because this is required for any impersonation attack. There are three common methods used to obtain a valid session identifier:

  1. Prediction: guessing a valid session identifier. With PHP's native session mechanism the session identifier is extremely random, so this is unlikely to be the weakest point.
  2. Capture: capturing a valid session identifier is the most common type of session attack, and there are numerous ways to capture a session_id, because session identifiers are typically propagated in cookies or as GET variables.
  3. Fixation: the simplest method of obtaining a valid session identifier. The attacker chooses the identifier, and a script whose session handling is nothing more than session_start() accepts it; session_id() called after session_start() then returns the attacker-chosen value.


What to do
  • By default the session name is PHPSESSID. Change it, either in php.ini (session.name) or with the session_name() function, for example session_name('new_session_name').
  • Set session.use_trans_sid = 0 in your php.ini file. This tells PHP not to include the identifier in URLs and not to read identifiers from the URL.
  • Set session.use_only_cookies = 1 in your php.ini file. This tells PHP to carry the session identifier only in a cookie and never in a URL.
  • Regenerate the session ID any time the session's status changes, that is, on any of the following:
  • User authentication
  • Storing sensitive information in the session
  • Changing anything about the session
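Putting the steps above together, here is an added example (not the blog's own code) of a PHP login handler that applies them. The credential store, the cookie name 'appsid' and an HTTPS deployment are assumptions made for illustration; session.use_strict_mode needs PHP 5.5.2 or later and the array form of session_set_cookie_params() needs PHP 7.3 or later. A handler that does nothing more than session_start() followed by $_SESSION['user_id'] = ... would accept an attacker-chosen identifier and promote it to an authenticated session; the difference here is the session_regenerate_id(true) call after the credential check.

```php
<?php
// Added example (not the blog's own code): a minimal login handler that applies
// the session fixation countermeasures listed above. The credential store and
// the cookie name are constructed/assumed for illustration.

declare(strict_types=1);

// Never accept or propagate session IDs in URLs; cookies only.
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');
// Reject identifiers the client supplies that the server never issued (PHP >= 5.5.2).
ini_set('session.use_strict_mode', '1');

// Do not use the default PHPSESSID cookie name ('appsid' is an assumed name).
session_name('appsid');

// Cookie flags: not readable by script, only sent over HTTPS (assumes an HTTPS deployment).
session_set_cookie_params([
    'lifetime' => 0,
    'path'     => '/',
    'secure'   => true,
    'httponly' => true,
    'samesite' => 'Lax',
]);

session_start();

/**
 * Call after any credential check succeeds. Issues a fresh ID and deletes the
 * old session data, so an ID that was fixed before login is never promoted to
 * an authenticated session.
 */
function promoteSession(int $userId): void
{
    session_regenerate_id(true);
    $_SESSION['user_id']   = $userId;
    $_SESSION['auth_time'] = time();
}

// Constructed credential store: one user with a password hash.
$users = [
    'alice' => [
        'id'   => 42,
        'hash' => password_hash('correct horse battery staple', PASSWORD_DEFAULT),
    ],
];

$login    = $_POST['username'] ?? '';
$password = $_POST['password'] ?? '';

if (isset($users[$login]) && password_verify($password, $users[$login]['hash'])) {
    promoteSession($users[$login]['id']);
    echo 'logged in as user ' . $_SESSION['user_id'];
} else {
    http_response_code(401);
    echo 'invalid credentials';
}
```

Because the regenerated ID is only ever sent to the browser in a Set-Cookie header, an identifier that arrived in the URL or was planted in the cookie before login is simply discarded; with use_strict_mode on, PHP additionally refuses to create a new session under a client-supplied ID and issues its own instead.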




Session Hijacking in PHP

Session Hijacking

Session hijacking is the term for an attacker getting hold of a session identifier and being able to send requests as if they were that user.
In particular, it is used to refer to the theft of a magic cookie used to authenticate a user to a remote server.
It has particular relevance to web developers, as the HTTP cookies used to maintain a session on many web sites can easily be stolen by an attacker using an intermediary computer or with access to the saved cookies on the victim's computer (see HTTP cookie theft).


How to prevent session hijacking
1) In php.ini set session.hash_function = sha256 or session.hash_function = sha512.
2) In php.ini set session.hash_bits_per_character = 5.
3) Store the User-Agent (browser) string in the session and check it on each subsequent request.
4) Store the client IP address in the session and check it on each subsequent request.
5) Change the name of the session from the default PHPSESSID.
6) On secure pages, ask the user to re-enter the password.
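Steps 3 to 6 in code, as an added example that is not the blog's own: the session is bound to a fingerprint of the User-Agent and IP address on first use and compared in constant time on every later request, and a sensitive page demands a recent password re-entry. The cookie name 'appsid', the five-minute re-authentication window and the /confirm-password.php page are assumptions for illustration. Steps 1 and 2 are php.ini settings and are not repeated here; note that session.hash_function and session.hash_bits_per_character were removed in PHP 7.1, which generates identifiers from a CSPRNG and is configured with session.sid_length and session.sid_bits_per_character instead.

```php
<?php
// Added example (not the blog's own code): bind a session to the client that
// created it and require recent re-authentication on sensitive pages.
// The session-ID generation settings (steps 1 and 2) live in php.ini.

declare(strict_types=1);

// Seconds a password re-entry stays valid for sensitive pages (assumed policy).
const REAUTH_WINDOW = 300;

session_name('appsid');                       // step 5: not the default PHPSESSID
ini_set('session.use_only_cookies', '1');
ini_set('session.use_strict_mode', '1');
session_start();

/** Client fingerprint built from the User-Agent header and the remote address (steps 3 and 4). */
function clientFingerprint(array $server): string
{
    $ua = $server['HTTP_USER_AGENT'] ?? '';
    $ip = $server['REMOTE_ADDR'] ?? '';
    return hash('sha256', $ua . '|' . $ip);
}

/**
 * Record the fingerprint on first use; afterwards compare it in constant time.
 * A mismatch is treated as a possibly stolen cookie and the session is destroyed.
 */
function enforceFingerprint(array $server): bool
{
    $fp = clientFingerprint($server);
    if (!isset($_SESSION['fp'])) {
        $_SESSION['fp'] = $fp;
        return true;
    }
    if (hash_equals($_SESSION['fp'], $fp)) {
        return true;
    }
    $_SESSION = [];
    session_destroy();
    return false;
}

/** Step 6: a sensitive page requires the password to have been re-entered recently. */
function hasRecentReauth(): bool
{
    $last = $_SESSION['reauth_at'] ?? 0;
    return (time() - $last) <= REAUTH_WINDOW;
}

if (!enforceFingerprint($_SERVER)) {
    http_response_code(403);
    exit('session rejected: client fingerprint changed');
}

if (!isset($_SESSION['user_id'])) {
    http_response_code(401);
    exit('not logged in');
}

if (!hasRecentReauth()) {
    // Hypothetical confirmation page: on a correct password it sets
    // $_SESSION['reauth_at'] = time() and calls session_regenerate_id(true).
    header('Location: /confirm-password.php?next=' . rawurlencode($_SERVER['REQUEST_URI'] ?? '/'));
    exit;
}

echo 'sensitive page for user ' . (int) $_SESSION['user_id'];
```

Binding to the IP address is the weakest of these checks in practice: users behind load-balanced proxies or on mobile networks change address mid-session and will be logged out, so many deployments bind only to the User-Agent and rely on the re-authentication step for sensitive actions. Whichever check fails, destroying the session rather than silently continuing is what turns a stolen cookie into a visible event in your logs.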